From owner-freebsd-security@FreeBSD.ORG Fri Apr 11 13:10:48 2014
Date: Fri, 11 Apr 2014 15:10:39 +0200 (CEST)
From: Mohacsi Janos
To: sbremal@hotmail.com
Subject: RE: CVE-2014-0160?
Cc: freebsd-security@freebsd.org

On Fri, 11 Apr 2014, sbremal@hotmail.com wrote:
> ext 65281 (renegotiation info, length=1)
> ext 00011 (EC point formats, length=4)
> ext 00035 (session ticket, length=0)
> ext 00015 (heartbeat, length=1) <-- Your server supports heartbeat. Bug is possible when linking against OpenSSL 1.0.1f or older. Let me check.
> Actively checking if CVE-2014-0160 works: Your server appears to be patched against this bug.
>
> Thanks! ;-)
>
> Is there any reason why nightly security patches are not enabled by default in FreeBSD?

Very easy to configure download and notification if you use freebsd-update:

Add to /etc/crontab:
@daily root /usr/sbin/freebsd-update cron

In your daily e-mail log you can see if any changes happened in the freebsd-update repository. Then you can decide when to update.
Regards,
Janos Mohacsi

From owner-freebsd-security@FreeBSD.ORG Fri Apr 11 13:13:02 2014
Subject: Re: CVE-2014-0160?
From: Kimmo Paasiala
Date: Fri, 11 Apr 2014 16:12:36 +0300
To: sbremal@hotmail.com
Cc: freebsd-security@freebsd.org

On 11.4.2014, at 15.53, sbremal@hotmail.com wrote:
> ext 65281 (renegotiation info, length=1)
> ext 00011 (EC point formats, length=4)
> ext 00035 (session ticket, length=0)
> ext 00015 (heartbeat, length=1) <-- Your server supports heartbeat.
> Bug is possible when linking against OpenSSL 1.0.1f or older. Let me check.
> Actively checking if CVE-2014-0160 works: Your server appears to be patched against this bug.
>
> Thanks! ;-)
>
> Is there any reason why nightly security patches are not enabled by default in FreeBSD?
>
>
> Cheers
> B.
>

Why do you make such a claim? The security patches are very much "enabled" (by using your words) in FreeBSD by default. This is assuming that you are in fact aware of the update methods that are available and how they work. And for the update methods and how they work there's a tremendous amount of information out there, even translated to your native language in some cases if the language barrier is a problem for you.

-Kimmo
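The "ext NNNNN (...)" lines quoted in both replies are a scanner's reading of the extensions block of the server's ServerHello; whether id 15 (heartbeat, RFC 6520) appears is what tells you the host still has to be checked for a patched OpenSSL. The following parser is an added example, not code from the thread or from any FreeBSD tool: it walks a captured ServerHello record offline and renders the same listing, so an inventory can flag hosts that advertise heartbeat without sending them anything. The sample ServerHello bytes and the build_sample_hello helper are constructed for the example.

```python
import struct

# Extension ids named in the scanner output quoted in the thread
# (RFC 5746 renegotiation info, RFC 4492 EC point formats,
#  RFC 5077 session ticket, RFC 6520 heartbeat).
EXT_NAMES = {65281: "renegotiation info", 11: "EC point formats",
             35: "session ticket", 15: "heartbeat"}

def parse_server_hello_extensions(record: bytes) -> dict:
    """Return {ext_id: ext_data} from one TLS record carrying a ServerHello.
    Raises ValueError on anything that is not a well-formed, complete ServerHello."""
    if len(record) < 5 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    rec_len = struct.unpack("!H", record[3:5])[0]
    body = record[5:5 + rec_len]
    if len(body) != rec_len or body[0] != 0x02:
        raise ValueError("not a complete ServerHello")
    hs_len = int.from_bytes(body[1:4], "big")
    hello = body[4:4 + hs_len]
    if len(hello) != hs_len:
        raise ValueError("truncated handshake body")
    pos = 2 + 32                       # server_version + random
    pos += 1 + hello[pos]              # session_id length byte + session_id
    pos += 2 + 1                       # cipher_suite + compression_method
    exts = {}
    if pos == len(hello):              # extensions block is optional
        return exts
    end = pos + 2 + struct.unpack("!H", hello[pos:pos + 2])[0]
    pos += 2
    if end != len(hello):
        raise ValueError("extensions length does not match hello length")
    while pos < end:
        if end - pos < 4:
            raise ValueError("dangling bytes in extensions block")
        ext_id, ext_len = struct.unpack("!HH", hello[pos:pos + 4])
        pos += 4
        if pos + ext_len > end:
            raise ValueError("extension runs past extensions block")
        exts[ext_id] = hello[pos:pos + ext_len]
        pos += ext_len
    return exts

def describe(exts: dict) -> list:
    """Render scanner-style 'ext NNNNN (name, length=N)' lines."""
    return [f"ext {i:05d} ({EXT_NAMES.get(i, 'unknown')}, length={len(d)})"
            for i, d in exts.items()]

def advertises_heartbeat(exts: dict) -> bool:
    return 15 in exts                  # server sent the heartbeat extension

def build_sample_hello(extensions: list) -> bytes:
    """Constructed sample: TLS 1.2 ServerHello record with the given (id, data) extensions."""
    ext_block = b"".join(struct.pack("!HH", i, len(d)) + d for i, d in extensions)
    hello = b"\x03\x03" + b"\x00" * 32 + b"\x00" + b"\xc0\x14" + b"\x00"
    hello += struct.pack("!H", len(ext_block)) + ext_block
    hs = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x03" + struct.pack("!H", len(hs)) + hs

# Constructed record matching the four extensions quoted in the thread.
SAMPLE = build_sample_hello([(65281, b"\x00"), (11, b"\x03\x00\x01\x02"),
                             (35, b""), (15, b"\x01")])
```

Feed it the ServerHello record from a packet capture of your own host; a heartbeat hit only means "check the linked OpenSSL version", not that the host is vulnerable.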